installUnknownSubcommandGuard replaces cobra's silent help fallback on group commands (no Run/RunE) with an unknown_subcommand error. IMPORTANT: every command modified here is also tagged with cmdpolicy.AnnotationPureGroup so the user-layer policy engine continues to treat the command as a pure par
(cmd *cobra.Command)
| 343 | // rule like `max_risk: read` would deny every `<group> --help` call |
| 344 | // with reason_code=risk_not_annotated. |
| 345 | func installUnknownSubcommandGuard(cmd *cobra.Command) { |
| 346 | if cmd.HasSubCommands() && cmd.Run == nil && cmd.RunE == nil { |
| 347 | cmd.RunE = unknownSubcommandRunE |
| 348 | // Route an unknown subcommand to unknownSubcommandRunE even when flags |
| 349 | // are also present (e.g. `sheets +cells-find --url ...`). A pure group |
| 350 | // consumes no flags itself, so unknown flags belong to the (missing) |
| 351 | // subcommand; whitelisting them here prevents cobra from erroring on the |
| 352 | // flag first and printing usage instead of our structured suggestion. |
| 353 | cmd.FParseErrWhitelist.UnknownFlags = true |
| 354 | if cmd.Annotations == nil { |
| 355 | cmd.Annotations = map[string]string{} |
| 356 | } |
| 357 | cmd.Annotations[cmdpolicy.AnnotationPureGroup] = "true" |
| 358 | } |
| 359 | for _, c := range cmd.Commands() { |
| 360 | installUnknownSubcommandGuard(c) |
| 361 | } |
| 362 | } |
| 363 | |
| 364 | // unknownSubcommandRunE replaces cobra's silent help fallback on group commands |
| 365 | // with a typed *errs.ValidationError: a flag that belongs to a missing |
no outgoing calls